Virus name |
W32/Balge.35761@mm |
Virus type |
Worm |
Execution environment |
Windows |
Place of origin |
Unknown |
Discovery date |
20050919 |
Virus size |
35,761 Byte |
Mail subject |
Blank |
Attachment |
price_new.zip and many others |
Virus symptoms |
This worm spreads via e-mail, and it can receive infected mail or files from specific servers.
[Mail subject]
Blank
[Mail body]
Blank
price
new price
Password:
The password is
[Attachment]
The file name is chosen from the following list.
09_price.zip
new__price.zip
new_price.zip
Newprice.zip
price_09.zip
price_new.zip
price.zip
price2.zip
[Ư¡]
¿úÀÌ ½ÇÇàµÇ¸é ´ÙÀ½°ú °°ÀÌ À©µµ¿ì ½Ã½ºÅÛ Æú´õ(win 2000, NT : c:\Wint\system32, win XP : c:\windows\system32)
¿¡ windll2.exe(35,761 Byte) ÆÄÀÏÀ» »ý¼ºÇÑ´Ù.
It also modifies the registry so that it runs at the next boot, creating the value shown for each Windows version under each of the following keys.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ru1n
(windows 9x)
erthegdr = "c:\windows\system\windll2.exe"
(windows xp)
erthegdr = "c:\windows\system32\windll2.exe"
(windows 2000, NT)
erthegdr = "c:\winnt\system32\windll2.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ru1n
(windows 9x)
erthegdr = "c:\windows\system\windll2.exe"
(windows xp)
erthegdr = "c:\windows\system32\windll2.exe"
(windows 2000, NT)
erthegdr = "c:\winnt\system32\windll2.exe"
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ru1n
(windows 9x)
erthegdr = "c:\windows\system\windll2.exe"
(windows xp)
erthegdr = "c:\windows\system32\windll2.exe"
(windows 2000, NT)
erthegdr = "c:\winnt\system32\windll2.exe"
It also deletes any of the following values if they exist under the registry keys above.
9XHtProtect
Antivirus
EasyAV
FirewallSvr
HtProtect
ICQ Net
ICQNet
Jammer2nd
KasperskyAVEng
MsInfo
My AV
NetDy
Norton Antivirus AV
PandaAVEngine
SkynetsRevenge
Special Firewall Service
SysMonXP
Tiny AV
Zone Labs Client Ex
service
However, if the system date is October 23, 2009 or later, it deletes the registry key and terminates itself.
This worm uses its own SMTP engine. It does not collect mail addresses from the infected system; instead it downloads mail addresses from a set of remote URLs.
It also downloads a file named eml.exe from a set of web sites.
It does not send infected mail to addresses that contain any of the following strings.
@avp.
@derewrdgrs
@eerswqe
@iana
@messagelab
@microsoft
abuse
admin
anyone@
bugs@
cafee
certific
contract@
f-secur
feste
free-av
gold-certs@
google
help@
icrosoft
info@
linux
listserv
local
nobody@
noone@
noreply
ntivi
panda
postmaster@
rating@
root@
samples
sopho
support
update
It also creates the following mutexes.
MuXxXxTENYKSDesignedAsTheFollowerOfSkynet-D
''D''r''o''p''p''e''d''S''k''y''N''e''t''
_-oOaxX|-+S+-+k+-+y+-+N+-+e+-+t+-|XxKOo-_
[SkyNet.cz]SystemsMutex
AdmSkynetJklS003
____--->>>>U<<<<--____
_-oO]xX|-S-k-y-N-e-t-|Xx[Oo-_
It opens TCP port 80 and can perform functions such as file upload. |
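A check for the autorun entry described above, as an added example that is not part of the original page or the vendor's tooling: it scans the text of a `reg export` dump for a value named `erthegdr` or a value whose data points at `windll2.exe`. The function name, the sample export, and treating the standard `Run` key as equivalent to the printed `Ru1n` are assumptions.

```python
import re

VALUE_NAME = "erthegdr"       # value name given on the page
DROPPED_FILE = "windll2.exe"  # dropped file name given on the page
# "ru1n" is the key name as the page prints it; "run" (the standard Windows
# autorun key) is an assumption added for this example.
AUTORUN_LEAF = {"ru1n", "run"}

KEY_RE = re.compile(r"^\[([^\]]+)\]$")
SZ_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
UNESC = re.compile(r"\\(.)")  # undoes .reg escaping of backslashes and quotes

# Constructed sample in `reg export` text form (not captured from a real host).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"erthegdr"="c:\\windows\\system32\\windll2.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\WINNT\\System32\\WINDLL2.EXE"

[HKEY_CURRENT_USER\Software\Example\Settings]
"erthegdr"="not an autorun key"
'''


def find_balge_autoruns(reg_text):
    """Return (key, name, data, reasons) for each matching string value."""
    hits, key = [], None
    for line in map(str.strip, reg_text.splitlines()):
        if m := KEY_RE.match(line):
            key = m.group(1)
            continue
        m = SZ_RE.match(line)
        if not m or key is None or key.rsplit("\\", 1)[-1].lower() not in AUTORUN_LEAF:
            continue
        name, data = (UNESC.sub(r"\1", g) for g in m.groups())
        reasons = []
        if name.lower() == VALUE_NAME:
            reasons.append("value name")
        # Compare the file name only: the page lists three install folders.
        if data.rsplit("\\", 1)[-1].lower() == DROPPED_FILE:
            reasons.append("dropped file")
        if reasons:
            hits.append((key, name, data, reasons))
    return hits


if __name__ == "__main__":
    print(*find_balge_autoruns(SAMPLE), sep="\n")
```

Real `reg export` files are UTF-16; decode them to text before passing them in.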
Treatment |
Can be detected and cleaned with the TurboVaccine product line.
|
Manual removal method |